ertank, posted April 24, 2023

Hello,

I have a company that would like to send me some data over a webhook. They want me to provide them access information for an x-api-key header. I know that MARS uses Authorization header for secure access. I am not sure if it is possible to support x-api-key header for a specific use case.

Any help is appreciated.

Thanks & Regards,
Ertan

Andrea Magni, posted April 25, 2023

Hi,

yes, you can easily read the request's header:

1) using the HeaderParam attribute to decorate a field of your resource (or an argument of your method) to retrieve the value
2) accessing the IMARSActivation and the Request field to have more direct access to the underlying request object

Another thing is to use that header to provide authentication/authorization through MARS built-in facilities. We can explore that too, just let me know what you need and some examples of requests.

Sincerely,
Andrea

ertank, posted April 25, 2023

Hi,

If possible, I do not want to use the existing "Authorization" header. I would like to allow access or block access depending on the "x-api-key" header on each request.

- x-api-key header missing: Block the request using 404
- x-api-key header exists: Check in a method that it is correct. Allow only if correct, else block the request using 404

A very basic example would be:

Incoming request Header: x-api-key: my_own_key_data
Incoming request Body: {"data":"Various json data. To be read as whole in a string"}

Attached you can find a sample Postman request.

Thanks & Regards,
Ertan

Attachment: webhook_test.postman_collection.json

ertank, posted April 27, 2023

Hi,

I didn't know about the HeaderParam attribute.

    [POST, Path('test')]
    function Test([HeaderParam('x-api-key')] const ApiKey: string; [BodyParam] const Body: string): string;

Using the above, I can check the ApiKey value in the function and use EMARSHttpException for returning a 404 error if necessary.

I was searching for a way to block a request with a wrong x-api-key header value even before function code execution, but the above approach is a solution, too.

Thanks & Regards,
Ertan
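
The key check described in the last post, as an added example that is not code from the thread or from MARS: a stand-alone Delphi helper that maps the x-api-key value to 200 or 404 and compares the key without stopping at the first wrong byte. `ApiKeyStatus`, `ConstantTimeEquals` and the key value are hypothetical names and data, and the code assumes a missing header reaches the method as an empty string.

```delphi
program ApiKeyCheckDemo;

{$APPTYPE CONSOLE}

uses
  System.SysUtils;

const
  HTTP_OK = 200;
  HTTP_NOT_FOUND = 404;
  // Constructed sample key, reusing the value from the example request above.
  ExpectedKey = 'my_own_key_data';

// Compares every byte of the common prefix instead of returning at the first
// mismatch, so response time does not reveal how much of the key was right.
// The key length itself is not hidden.
function ConstantTimeEquals(const A, B: TBytes): Boolean;
var
  I, N: Integer;
  Diff: NativeInt;
begin
  Diff := Length(A) xor Length(B);   // non-zero when the lengths differ
  N := Length(A);
  if Length(B) < N then
    N := Length(B);
  for I := 0 to N - 1 do
    Diff := Diff or (A[I] xor B[I]);
  Result := Diff = 0;
end;

// Returns the HTTP status for a presented x-api-key value (assumed helper).
function ApiKeyStatus(const Presented, Expected: string): Integer;
begin
  // Fail closed: a missing header or an unconfigured key is never accepted.
  if (Presented = '') or (Expected = '') then
    Exit(HTTP_NOT_FOUND);
  if ConstantTimeEquals(TEncoding.UTF8.GetBytes(Presented),
                        TEncoding.UTF8.GetBytes(Expected)) then
    Result := HTTP_OK
  else
    Result := HTTP_NOT_FOUND;
end;

begin
  Writeln('missing header: ', ApiKeyStatus('', ExpectedKey));
  Writeln('wrong key:      ', ApiKeyStatus('my_own_key_dat0', ExpectedKey));
  Writeln('correct key:    ', ApiKeyStatus('my_own_key_data', ExpectedKey));
end.
```

In the `Test` method from the post, the 404 result is the point at which EMARSHttpException would be raised; in practice the expected key would be loaded from configuration rather than a constant.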